How To Force Outbound SSH Through One Network Card


Everyone,

I am putting together a new gateway machine that controls all of the traffic in and out of one of our offices. We have a machine with CentOS Linux release 7.2.1511 (Core) with 3.10.0-327.10.1.el7.x86_64 kernel which is now equipped with three NIC cards. We decided to change our internet providers, but unfortunately Comcast would not allow us to drop their service without some penalties so management decided to keep the line and not put up a fight. Of the three NIC cards, one card serves the local network inside the office, and the other two will connect to the two different internet lines.

This has resulted in providing us with two outbound internet lines that we can use.  I decided to do some experimenting to see if I could use iptables or other venues to use both outside internet addresses to augment our bandwidth.  

Can anyone refer me to any tutorial or give me suggestions as to how to route outbound SSH traffic that is generated from one of the machines inside the network through only one of the specified NIC cards on the gateway? I would like to see if I can utilize this extra bandwidth by splitting SSH traffic and html traffic. Essentially, I would like to force outbound SSH traffic on only one of the outside NIC cards.

Any ideas?

Greg Ennis

7 thoughts on - How To Force Outbound SSH Through One Network Card

  • though I have no personal experience with this, I’m guessing that the term you want is “bonding” or “bonded interfaces”. You can probably find articles on how to do that with some judicious googling. I know I’ve seen such articles, but haven’t kept any records of where.

    Good luck!

    Fred

  • NO.

    you can’t bond two interfaces connected to different ISPs.

    best you can do is limited load balancing, and/or use source tagged routing via ip rules to change gateways. it’s a mess to get right.

  • sadly, that document is like 15 years old, and hasn’t been updated.
    the basics are still valid, but things like how to integrate that with RHEL startup scripts? nada, you’re on your own.

  • On 09-03-2016 01:54, John R Pierce wrote:

    That’s actually beyond that document’s scope.

    Anyway, /usr/share/initscripts-*/sysconfig.txt has the info you need to integrate those comments on RHEL. Like, for the ip rule commands:

    /etc/sysconfig/network-scripts/rule-
    /etc/sysconfig/network-scripts/rule6-

    Contains lines that specify additional routing rules that should be added
    when the associated interface is brought up.

    Each non-comment line is used directly as an argument to “/sbin/ip rule add”
    or “/sbin/ip -6 rule add” for rule6 files.

    YMMV if you want to use NetworkManager/firewalld, of course.

    Marcelo
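
One way to produce the rule- file described in the comment above, together with a matching route- file and a packet mark for forwarded SSH, as an added example that is not part of the original thread. The interface names, gateway address, mark, table number and the `iptables-mark.args` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, addresses, the mark
# and the table number used with it are constructed placeholder values.

valid_iface() {   # Linux interface names are at most 15 characters
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# rule-<iface>: each line is handed to "/sbin/ip rule add" as its arguments.
rule_line() { printf 'fwmark %s table %s\n' "$1" "$2"; }

# route-<iface>: each line is handed to "ip route add" the same way.
route_line() { printf 'default via %s dev %s table %s\n' "$1" "$2" "$3"; }

# Arguments for an iptables rule marking SSH that arrives on the LAN side.
mark_args() {
    printf '%s\n' "-t mangle -A PREROUTING -i $1 -p tcp --dport 22 -j MARK --set-mark $2"
}

# stage_ssh_policy DIR LAN_IF WAN_IF WAN_GW MARK TABLE
# Writes into DIR (a staging directory) so the files can be reviewed before
# they are copied to /etc/sysconfig/network-scripts/. The file name
# iptables-mark.args is this example's own, not an initscripts convention.
stage_ssh_policy() {
    valid_iface "$2" && valid_iface "$3" || { echo "bad interface name" >&2; return 1; }
    valid_ipv4 "$4" || { echo "bad gateway address" >&2; return 1; }
    is_uint "$5" && is_uint "$6" || { echo "bad mark or table" >&2; return 1; }
    mkdir -p "$1" || return 1
    rule_line "$5" "$6" > "$1/rule-$3"
    route_line "$4" "$3" "$6" > "$1/route-$3"
    mark_args "$2" "$5" > "$1/iptables-mark.args"
}
```

Marked traffic leaving the second line still needs source NAT to that interface's address, and strict reverse-path filtering (rp_filter=1) on the gateway can drop the replies.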

  • I did this once more than 10 years ago. If I was to do it again, I would probably get shorewall to do most of the heavy lifting:
